Conspiracy of the week: Can your car be hacked while you’re driving?

Share This article

Imagine if hackers could mess with your car while you’re under way. Sure, it seems far-fetched, like a government agency that monitors every cell phone call. Even if the odds are low, the dangers of a hacked car are high, so academics and security experts spend time studying the possibility and write papers saying there are potential problems and it wouldn’t hurt to fund more research. The hacked car conspiracy theory got a boost recently with the auto accident death of Rolling Stone contributing editor Michael Hastings, under circumstances that were suspicious if you wanted to see them that way. Plenty of people did.

Some serious research has been done on hacking the car, via the OBD-II on-board diagnostics connector (which is mandated on modern cars, and look how easy it easy to find the port, right under the dash), and via wireless devices such as OnStar (and look how they’re proliferating). In both cases, the research has shown how almost every aspect of a car, including braking and steering, can be controlled by hackers.

Academic work from the University of Washington (Experimental Security Analysis of a Modern Automobile [PDF]) in 2010 and UC San Diego (Comprehensive Experimental Analyses of Automotive Attack Surfaces [PDF]) in 2011 highlight the potential attack vectors, and outcomes, of car hacking. Basically, the authors say that if you can hack the car, you can do all sorts of things that can’t be overridden by the driver. Some are minor, such as keeping washer fluid squirting after the driver stops pushing on the windshield washer button. But they also found they could disable some security aspects of the car’s networks, in some cases because automakers took shortcuts or didn’t fully follow security protocols. If you could embed malware, researchers found it could erase itself after a crash.

The second paper showed how hacks could reach the car wirelessly. General Motors’ OnStar telematics service has a feature, stolen car slowdown, that gradually slows the car if it’s being driven by a thief. The OnStar-to-car link is encrypted and secure, OnStar says. But if if it were compromised, imagine sending a command that worked the opposite way and doubled the speed of the car while the driver — an investigative journalist who just got an Army four-star general fired — was behind the wheel, and fired off the airbags before the car crashed so that they had no lifesaving value.

Need more? Charlie Miller, a security engineer for Twitter who was said to be the first to hack the Apple iPhone and Android G1, will give a talk on security shortcomings of cars at Def Con 21, which runs August 1-3 in Las Vegas at the Rio Hotel. Conspiracists will love this: Miller says his talk was originally rejected by the Black Hat conference. This is the abstract:

Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher’s point of view. We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an OBD-II connection to perform critical car functionality, such as braking and steering. Finally, we’ll discuss aspects of reading and modifying the firmware of ECUs installed in today’s modern automobile.

In the video below, Miller takes control of a car’s steering wheel remotely.

Why the conspiracy theorists keyed on Michael Hastings’ death

Hastings, 33, died in a “fiery” crash in Los Angeles this spring. He wrote articles that hurt military bigwigs. The accident was at the unusual hour of 4 a.m. and some parts of his Mercedes-Benz C250 were found far away, which some said could be explained by an explosion (or a high-speed crash). He had just attended the premiere of Dirty Wars. He had sent a “panicky” email to BuzzFeed (he also wrote for them) that said he was onto a big story. He had just spoken to a lawyer for WikiLeaks. Need further proof it could be a conspiracy? CNN ran a piece, “Was Journalist’s Death an Accident?” and CNN is big-time.

Should you be nervous?

There’s plenty of serious research that says you should be nervous about your car being hacked, and there are several logical places to hack the car (OBD-II connector, wireless interfaces). Previously, perhaps foolheartedly, it was presumed that these interfaces couldn’t be hacked — a presumption we now know to be false. The electromechanical malfunctions of cars that allegedly wouldn’t respond to brakes and couldn’t be shut off tend to have more prosaic explanations: drivers who mistook the gas and brake pedals, carpet mats that got in the way, or drivers who don’t know you need to hold the start-stop button down to shut off the engine while the car is underway. But in the meantime, the majority of drivers get the impression some demon seed was spawned inside the car — and maybe, just maybe, we now know that there’s a chance that hackers are actually to blame.

Post a Comment

I wouldn’t take such flippent attitude towards that if I where you bub ;-) as a locksmith of some years myself aka having personally used MVP technology to program new keys into the previous system in order to,

Make new keys when clients need a spare and/or to void out ALL already preexisting key codes, thus resetting it to factory when keys have been lost or stolen.

To make them a key when none are available I know the OBD-ll port can be hacked ( its how I pay my bills lol ),

And if I can do it to cut a key using that port I don’t see why an unscrupulous “friend” one has known for years couldn’t hack it for far more dire purposes.

Use of this site is governed by our Terms of Use and Privacy Policy. Copyright 1996-2015 Ziff Davis, LLC.PCMag Digital Group All Rights Reserved. ExtremeTech is a registered trademark of Ziff Davis, LLC. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis, LLC. is prohibited.